Update OAuth Misconfiguration.md

Muhammad Daffa 2021-07-21 22:43:05 +07:00 committed by GitHub
parent 338475aee1
commit 5e63deac91
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -10,4 +10,7 @@
9. Try to remove email from the scope and add victim's email manually. 9. Try to remove email from the scope and add victim's email manually.
10. Only company's email is allowed? > Try to replace hd=company(.)com to hd=gmail(.)com 10. Only company's email is allowed? > Try to replace hd=company(.)com to hd=gmail(.)com
11. Check if its leaking client_secret parameter. 11. Check if its leaking client_secret parameter.
12. Go to the browser history and check if the token is there. 12. Go to the browser history and check if the token is there.
Reference:
- https://twitter.com/tuhin1729_/status/1417843523177484292
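Review bot: The new "Reference:" block at the end of the hunk sits directly under item 12 and is a bare tweet URL, so a reader cannot tell whether it sources only the browser-history check or the whole list. Tweets also get deleted, and the link alone says nothing about what it contained. Please separate it from the numbered list as its own section, give the link a label such as `- [tuhin1729_ on Twitter](https://twitter.com/tuhin1729_/status/1417843523177484292)`, and state which items it covers. While touching this part of the file, "Check if its leaking client_secret parameter" in item 11 should read "it's".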